Data access in a telephone system

Field of the invention

This invention relates to an improvement of the data security of data access in a telephone system. In particular, the invention relates to improving the data security of direct data accesses connected to mobile communications systems.

Background of the invention 

As the data transmission capacity of telephone systems is increasing, as the services provided by data networks are improving and as the use of data networks such as the Internet is becoming more general, the need for connecting the telephone system directly to data networks has grown. To meet this demand, Direct Data Accesses (DDA) have been developed, wherein the exchange of the telephone network is connected directly to the data network.

Figure 1 shows such an arrangement by way of example, wherein there is a direct data access from a Mobile Switching Centre (MSC) to an Asynchronous Transfer Mode (ATM) network, to a Public Switched Packet Data Network (PSPDN), to a Private Network (PN), to a Local Area Network (LAN) and to a data network in accordance with the X.25 protocol. Through the exchange, data services may be used by mobile stations directly subordinated to the exchange, such as mobile station MSa; by mobile stations subordinated to other mobile services switching centres, such as MSb under MSC2, which are connected to the exchange through the network; and by subscriber equipment of other systems, such as fixed telephone network subscribers FS, which are connected to the exchange through an Integrated Services Digital Network (ISDN).

The MSC is connected to the ATM network with an IWF (InterWorking Function) matching unit. The matching unit collects the data transmitted by the subscriber in the form of a circuit switched data signal and forms from it packets, or cells of fixed length, suitable for transmission to the ATM network. The circuit switched data signal may be e.g. in accordance with the CCITT V.24/V.28, CCITT V.110 or CCITT V.120 standards (CCITT = Comité Consultatif International Télégraphique et Téléphonique). Correspondingly, the matching unit takes the information contained in the cells it receives from the ATM network that is to be sent to the user and transmits it to the user in circuit switched form. To make several connections in parallel possible, several matching units may be used in parallel.

The exchange is connected to the public switched packet data network by a Packet Handler (PH), which converts the circuit switched data signal into a data packet flow in accordance with a protocol used in the public data network, such as the Transmission Control Protocol/Internet Protocol (TCP/IP). The packet handler functions as the access point to the data network in relation to the telephone system. Several packet handlers may be connected to the exchange, whereby several simultaneous connections may be set up with the data network.

To a private network PN, such as the in-house network of a company, the exchange is connected by an IWF (InterWorking Function) matching unit, which converts the circuit switched data signal in accordance with the protocol used in the private network. The matching unit is connected to the private data network by a fixedly allocated subscriber line, which functions as the access point to the data network. Several matching units may be connected to the exchange, whereby several simultaneous connections may be set up with the data network.

The exchange is connected to a LAN local area network by an IWF matching unit and by a LAN ROUTER connected to the former. The exchange may be connected to the router with several subscriber lines, whereby several simultaneous connections can be set up with the LAN network. The router functions both as the access point to the data network and as a concentrator, collecting in a buffer the data packets received in parallel from the different subscriber lines and supplying them to the data network in series form.

In a fifth connection method, the packet network, which in the figure is a data network in accordance with the X.25 protocol, is connected to the exchange with the aid of an IWF matching unit and a Packet Assembler/Disassembler (PAD). The matching unit sends to the packet assembler/disassembler, which functions as the access point to the data network, a circuit switched data signal, which may be e.g. in accordance with the CCITT V.24/V.28 or CCITT V.110 standards. From the circuit switched signals the packet assembler/disassembler forms packets, buffers the packets and supplies them to the data network in series form.
Furthermore, the mobile switching centre may be connected to a PDN packet data network with the aid of an IWF matching unit and an Access Router (AR). The AR is connected to the matching unit by a PCM conductor on which a protocol in accordance with the CCITT V.110 or CCITT V.120 standard is used. The access router converts the circuit switched data signal going to the packet network so that it is in accordance with the packet data protocol used in the packet network, and sends it to the packet data network. The packet switched data which it receives from the packet data network the access router converts into a circuit switched data signal to be sent to the exchange. The exchange is connected to the access router by exchange signalling, such as e.g. signalling in accordance with the 30B+D standard, DPNSS (Digital Private Network Signalling System) or the QSIG international signalling standard for corporate networks. Differing from the other data accesses shown in Figure 1, the mobile switching centre may set up signalling connections with the access router outside the traffic channel.

Data security is one of the major problems with data accesses. Since data networks very often contain information which must be kept secret from outsiders, access of outsiders to the network must be prevented. In connection with chargeable data services the network operator needs the identity of the user using the network services in order to be able to charge. Also in this case it must be possible to prevent any user assuming a false identity from gaining access to the network services. However, in the system shown in Figure 1 anyone who learns the call number of a data network service will gain access to the network and thus to the use of the services of the network.

Figure 2 shows a state-of-the-art arrangement in a mobile communications system for preventing connection under a false identity to a HOST server located in a data network. Mobile station MS requests connection set-up from the mobile switching centre MSC2 under which it is located at the moment. On receiving the request for a connection set-up, MSC2 authenticates the mobile station (step P1) to make sure that the mobile station has given a true subscriber identity. Having ensured the identity of the mobile station, MSC2 sets up a connection with the exchange MSC1 which, by way of the PAD packet assembler/disassembler, is directly in connection with the data network. MSC1 switches through to the packet assembler/disassembler, which sends back to the subscriber a request to perform an authentication procedure based on the use of a password (step P2). In response to the request, the subscriber supplies his user identification and his password. The packet assembler/disassembler checks if the password given by the user is the same as the password stored in its own user database. If this is the case, the subscriber is given access to the data network. Otherwise access is barred.

Inside the data network, the network elements trust one another (step P3). Hereby all subscribers who have been given access to the network have access to all servers of the network, unless these are separately protected, e.g. by authentication procedures based on the use of a password. After the authentication, the packet assembler/disassembler located in the exchange begins to convert the circuit switched data flow received from the mobile station into packet form and to send it in packet switched form through the data network and further to the HOST server. Correspondingly, the packet assembler/disassembler receives from the HOST server in the data network packet switched data, which it converts into circuit switched form and sends on the circuit switched connection to the MS mobile station.

Figure 3 shows another state-of-the-art arrangement in a mobile communications system for preventing connection under a false identity to a HOST server located in a data network. The connection set-up from the mobile station to the MSC1 exchange, which is connected directly with the data network through a PAD packet assembler/disassembler, proceeds exactly as in the example shown in Figure 2. However, the packet assembler/disassembler does not authenticate the subscriber, but sends in packet form a request for connection set-up to the HOST server. Hereby anybody who knows the call number of the PAD packet assembler/disassembler may set up a connection with the HOST server. To prevent unauthorised use of the server, authentication procedures are used wherein the user sends his user ID and his password to the server in the data network. The server checks if the password given by the user tallies with the password stored in the server's user database. If it does, the subscriber is given access to the server. If it does not, access is barred.

However, there are some problems with state-of-the-art authentication methods. Firstly, the data network must include means for performing the authentication procedure and for maintaining the password database required by the procedure. These are not available in all data networks and at all their access points, e.g. in the packet assemblers/disassemblers, whereby anybody can use the services of the data network by dialling the call number of the packet assembler/disassembler. Nor is it often sensible to implement the password authentication in a server-specific manner, since the number of password databases which must then be maintained will often become too high. In addition, the user when setting up the connection must remember his user ID and the corresponding password, the number of which may be considerable for a user using many different systems.

It is an objective of this invention to solve the problems described above. The objective is achieved with the method described in the independent claims.

Brief description of the invention

The inventive idea is to define a closed user group formed by the access point to the data network and by the users of a service. Incoming calls coming from outside the user group to the access point of the data network are barred. Calls inside the user group coming to the access point are given access. Hereby the telephone system in itself prevents users outside the data service's user group from gaining access to the network.

The user of the data service, when making contact with the data network, states the user group formed by the users of the data service as the user group of the call to be set up. This information can be established in the user's subscriber data as the default user group of the basic service in question, whereby the information need not be given manually when the call is set up. The telephone system, when setting up the call, checks whether the user belongs to the user group mentioned in the call set-up data and whether he is otherwise entitled to the call. If the user is entitled to the call, set-up of the call is continued to that exchange from which there is a direct connection with the data network.

The exchange which has a direct connection with the data network checks if the access point to the data network allows set-up of the call. Set-up of the call is allowed only if the access point belongs to the user group given by the user requesting set-up of the connection.

The telephone system is preferably a mobile communications system, whereby the identity of the user requesting set-up of the connection can be verified through the known authentication procedures of the mobile communications system.



List of figures

The invention will be described more closely referring to the appended drawings, wherein

Figure 1 shows an arrangement for connecting subscriber equipment to a data network;
Figure 2 shows an example of authentication of a data service user;
Figure 3 shows another example of authentication of a data service user;
Figure 4 shows set-up of an outgoing call;
Figure 5 shows a user's service record;
Figure 6 shows set-up of an incoming call;
Figure 7 shows the service record of a data network access point;
Figure 8 shows a check made when setting up a terminating call of a closed user group; and
Figure 9 shows an authentication process.

■ " ' '- . ■; • 

Detailed description of the invention

It is known in telecommunication systems to define closed user groups (CUG), e.g. formed by the staff of a company or by a certain circle of friends. The services of a user group may differ as regards the services offered and may be e.g. cheaper than normal calls.

Use of a closed user group in a telecommunication system is described in the GSM 02.85 specification published by ETSI (ETSI = European Telecommunications Standards Institute). According to the specification, different subscriber options may be defined for a subscriber belonging to a closed user group, which indicate what kinds of call the subscriber may receive or make. These subscriber options are:

1. CUG calls only: the subscriber may set up calls only with subscribers of his own CUG group;
2. Access for CUG and incoming calls: the subscriber may set up calls with subscribers of his own CUG group and may also receive incoming calls coming from outside his own CUG group (IA, Incoming Access);
3. Access for CUG and outgoing calls: the subscriber may set up calls with subscribers of his own CUG group and may also make outgoing calls going outside his own CUG group (OA, Outgoing Access); and
4. Access for CUG and outgoing and incoming calls: the subscriber may set up calls with subscribers of his own CUG group, may also make outgoing calls going outside his own CUG group and may receive incoming calls coming from outside his own CUG group (IA + OA).

In addition, restrictions inside the user group may be defined for the subscriber:

1. ICB, Incoming Calls Barred within a CUG; and
2. OCB, Outgoing Calls Barred within a CUG.

A subscriber may belong to several closed CUG user groups at the same time, one of which may be chosen as the default group, which is used in the set-up of outgoing calls unless otherwise stated separately for the individual call.

According to the present invention, a user group is defined in the telephone system which includes the data network's access point and the users of the data network. The access point can also be defined as belonging to several smaller user groups, whereby the users of the data network are in some way divided into these groups. This grouping may be used to advantage e.g. in keeping statistics on and in charging for calls.

Figure 4 shows the progress of the set-up of a call in accordance with the invention which is going out from a subscriber. After the mobile station has made a CHANNEL REQUEST for set-up of a connection, the mobile switching centre MSC2 checks the mobile subscriber's identity through an authentication procedure AUTHENTICATION. If the identity proves false, set-up of the call is broken off. If the identity given by the mobile station proves to be true, set-up of the call is started with the information given by the mobile station, which is the BCIE (Bearer Capability Information Element) and the CUG INDEX user group data. If the user does not separately and manually define any user group data for use in connection with the call set-up, the default data which he has established in advance will be used in the call set-up.
When setting up a data call in a packet data network, the subscriber uses the BA6 basic service, which is the PAD service to use when connecting to packet data networks at a transmission rate of 9600 bits per second. If the user group of the data network's access point is the user group defined by the subscriber as the default value when using this basic service, the subscriber need not give it separately in the call set-up. The use of the default user group may, however, be overridden for an individual call. If the user's default user group is different from the user group of the data network's access point, the subscriber when setting up the data call must separately input the CUG INDEX of the true user group.

Next, the exchange checks (CUG-CHECK(O)) whether the mobile station has the right to set up the CUG call it has requested. This is done with the aid of the BCIE service identifier received from the subscriber, the CUG INDEX of the user group data, the subscriber data stored in the visitor location register VLR and a special authorisation function.

Figure 5 shows the storing of data relating to closed user groups in the home location register HLR of a subscriber entitled to access a data network. The data stored in the subscriber's visitor location register VLR is a copy of the data shown in the figure. The IMSI (International Mobile Subscriber Identity) is the key to the record. A list of the call services to which the subscriber has a right is appended to the subscriber identity. The services are distinguished from each other using BSGC (Basic Service Group Code) codes. Combined with the services are the CUG INDEX LIST data of the user groups available to the subscriber, the DEFAULT CUG INDEX of the closed user group to be used primarily in the call set-up, data on OA outgoing access for calls going outside the group and data on IA incoming access for calls coming from outside the group.

In the example shown in Figure 5, in connection with the T11 call service the subscriber is defined to belong to the user groups whose CUG INDEX is 1, 2 or 4. Of these, the user group whose CUG INDEX = 1 is defined to be used primarily. There is access both for calls going outside the group and for calls coming from outside the group (OA = T, IA = T). Correspondingly, in connection with the fax service T62 of group 3, the subscriber belongs to the groups whose CUG INDEX is 1, 3 and 4, while the user group whose CUG INDEX = 1 is used primarily. There is access both for calls going outside the group and for calls coming from outside the group (OA = T, IA = T). When connecting to packet data networks at a transmission rate of 9600 bits per second in connection with the BA6 PAD service, the user belongs only to the user group whose CUG INDEX = 2. Outgoing calls going outside the group are barred (OA = F, False), but there is access for incoming calls from outside the group (IA = T, True).

In addition to the service data and the primary CUG groups relating to services, the visitor location register stores a description of the CUG IC network-specific group attributes for use between the subscriber-specific CUG INDEX group attributes and the exchanges. The ICB and OCB call restrictions within the user group are also defined on a user group basis. In the example shown in the figure, the subscriber's user group CUG INDEX 1 corresponds to the CUG IC 101 network-specific identifier, while CUG INDEX 2 corresponds to CUG IC 12, CUG INDEX 3 corresponds to CUG IC 1 and CUG INDEX 4 corresponds to CUG IC 14. In the example shown in the figure, the subscriber may both receive and set up calls within the group in all user groups.

The mobile switching centre uses a SEND_INFO_O/G_CALL message (Figure 4) to ask the visitor location register VLR if the subscriber has the right to the call set-up he has requested. If he does not, the connection set-up is barred. Having made sure that the mobile station is entitled to set up the call it requested, MSC2 sets up a connection through NW (Network) with that exchange MSC1 which is in direct connection with the data network by way of the access point, in the example through the packet assembler/disassembler PAD. MSC2 provides the exchange MSC1 with the user group data defined by the user. For this to be possible, the signalling between exchanges must support transmission of CUG data. Such signalling is e.g. the international ISUP (ISDN User Part), the national TUP93 (Telephone User Part 93) which is used in Finland and the IUP (Interconnect User Part) which is used in England. In this part the user group is identified using a CUG IC identifier which unambiguously defines the user group within the network. Having sent the request for a connection set-up, MSC2 remains waiting for ANSWER from MSC1. If the mobile subscriber's current exchange MSC2 itself has a direct connection with the data network, the connection set-up between exchanges through the network will of course not take place.
Figure 6 shows set-up of a terminating call. Having received the SETUP(CUG IC, OA) request for a connection set-up from the NW network, MSC1 checks (CUG-CHECK(T)) if the requested call can be set up. The user group data received in the request for a connection set-up, as well as the user group data defined for the recipient of the call, that is, for the PAD access point of the data network, are used in the check. If it is found in the check that the call may be set up, a connection with the data network is set up by way of the PAD packet assembler/disassembler. In addition, an ANSWER message is used to notify the exchange which made the request for a connection set-up that the connection has been set up.

Figure 7 shows a record for use in storing the user group data defined for the data network's access point. The record is preferably maintained in that MSC1 exchange which has a direct connection with the access point. The call number of the access point, that is, its ISDN number (ISDN = Integrated Services Digital Network), functions as the key to the record. A list of the basic services to which the connection is entitled is appended to the call number. Services are distinguished from each other with the aid of BSGC (Basic Service Group Code) service codes. Combined with the services are the CUG INDEX LIST data about the user groups available to the connection, the DEFAULT CUG INDEX about the closed user group to be used primarily in the call set-up, data on OA access for outgoing calls going outside the group and data on IA access for incoming calls coming from outside the group.

In the example shown in the figure, only one basic service is defined for the connection, that is, the BA6 PAD service for use at a transmission rate of 9600 bits per second. The connection belongs to one user group only, the CUG INDEX of which = 1. In accordance with the invention, incoming calls from outside the group are barred (IA = F). Besides this, outgoing calls going outside the group are also barred (OA = F) in the example shown in the figure.

In addition, the database of the exchange stores a description of the CUG IC network-specific group attributes for use between the CUG INDEX subscriber-specific group attributes and the exchanges. The ICB and OCB call restrictions within the group are also defined on a user group basis. In the example shown in the figure, the access point's user group CUG INDEX 1 corresponds to the CUG IC 12 network-specific identifier. The connection may both receive and set up calls within the group in all user groups (ICB = F, OCB = F).

Figure 8 shows the CUG-CHECK(T) user group check to be made in the MSC1 exchange. The check is started after the MSC1 exchange has received the SETUP(CUG IC, OA) request for a call set-up containing user group data (step N01). The exchange first checks whether subscriber B belongs to the CUG user group defined by subscriber A by comparing subscriber B's IC(B) group identifiers with the IC(A) group data given by subscriber A (step N02). If it is found that subscriber B belongs to the defined user group (IC(A) ∈ {IC(B)} is true), the function proceeds to step N03, where it is checked if subscriber B has barred incoming calls within the group (ICB). If calls within the group are allowed (ICB(B) is false), the call set-up is continued as a CUG call (step N04). A check is also made for possible call forwarding, although such is not used in practice at the data network's access point, which is why it is of no significance to the invention.

If it is found in step N02 that subscriber B does not belong to the user group defined by subscriber A (IC(A) ∉ {IC(B)}), or if it is found in step N03 that subscriber B has barred calls within the group, progress is made to steps N11 and N12, where it is checked if the call can be set up as a normal call. A check is made in step N11 of whether subscriber A has allowed the call to go outside the group (OA(A)) and in step N12 of whether subscriber B has allowed incoming calls coming from outside the group (IA(B)). If both conditions are fulfilled, the call is continued as a normal call (step N13). If even one of the conditions of steps N11 and N12 is not fulfilled, the call is rejected (step N20).

Since, according to the invention, calls from outside the group are barred at the data network's access point, condition N12 is not fulfilled for calls terminating at the access point. Under these circumstances a connection will be set up only if the access point belongs to a closed user group defined by the user (condition N02). Since no barring of incoming calls within the closed user group is defined at the access point, the call will always be set up if the access point belongs to the closed user group defined by the user.

Having found that there is access for the call, MSC1 switches through to the packet assembler/disassembler and the subscriber is given access to the data network.
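The records of Figures 5 and 7 and the checks of Figures 4, 6 and 8 can be modelled end to end. The following Python is an added example, not code from the patent or from any operator's exchange software: it builds the subscriber record of Figure 5 and the access-point record of Figure 7 (the IMSI and ISDN number values, the two outsider callers and the "open" access point are constructed for illustration), runs CUG-CHECK(O) with the CUG INDEX to CUG IC translation, then CUG-CHECK(T) along steps N02, N03, N11, N12 and N13/N20, and shows that the outsider rejected at a PAD with IA = F is admitted as a normal call at a state-of-the-art PAD with IA = T. Enforcing OCB at origination is an assumption about where a network would place that check.

```python
"""Closed-user-group admission to a data-network access point (added
example, not the patent's own code): the records of Figures 5 and 7,
CUG-CHECK(O) of Figure 4 and CUG-CHECK(T) of Figure 8.  Record keys and
the outsider records are constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class ServiceCug:                       # CUG data attached to one basic service
    cug_index_list: List[int]           # groups usable with this service
    default_cug_index: Optional[int]    # used unless the caller names a group
    oa: bool                            # outgoing access to outside the group
    ia: bool                            # incoming access from outside the group


@dataclass
class CugGroup:                         # network-specific view of one CUG INDEX
    ic: int                             # CUG IC carried in ISUP/TUP signalling
    icb: bool = False                   # incoming calls barred within the group
    ocb: bool = False                   # outgoing calls barred within the group


@dataclass
class Record:
    """HLR/VLR subscriber record (key = IMSI) or the access-point record
    kept in MSC1 (key = ISDN number of the access point)."""
    key: str
    services: Dict[str, ServiceCug]     # BSGC -> CUG data for that service
    groups: Dict[int, CugGroup]         # CUG INDEX -> network-specific attributes


@dataclass
class Setup:                            # CUG data in SETUP(CUG IC, OA)
    cug_ic: Optional[int]               # None: ordinary, non-CUG call
    oa: bool


class Rejected(Exception):
    """Call set-up broken off by one of the checks."""


def originating_check(sub: Record, bsgc: str, cug_index: Optional[int]) -> Setup:
    """CUG-CHECK(O) in the caller's MSC (Figure 4); returns the SETUP data."""
    svc = sub.services.get(bsgc)        # BSGC derived from the BCIE
    if svc is None:
        raise Rejected(f"{sub.key}: not entitled to service {bsgc}")
    if cug_index is None:
        cug_index = svc.default_cug_index
    if cug_index is None:               # no group at all: an ordinary call
        return Setup(cug_ic=None, oa=True)
    if cug_index not in svc.cug_index_list or cug_index not in sub.groups:
        raise Rejected(f"{sub.key}: not a member of CUG INDEX {cug_index} for {bsgc}")
    grp = sub.groups[cug_index]         # subscriber-specific index -> network CUG IC
    if grp.ocb:                         # assumption: OCB is enforced here
        raise Rejected(f"{sub.key}: outgoing calls barred within CUG IC {grp.ic}")
    return Setup(cug_ic=grp.ic, oa=svc.oa)


def terminating_check(setup: Setup, callee: Record, bsgc: str) -> str:
    """CUG-CHECK(T) in the callee's exchange (Figure 8): returns "CUG"
    (step N04) or "NORMAL" (step N13), or raises Rejected (step N20)."""
    svc = callee.services.get(bsgc)
    if svc is None:
        raise Rejected(f"{callee.key}: service {bsgc} not available")
    # N02: IC(A) in {IC(B)}?  A non-CUG call (cug_ic None) never matches.
    grp = next((g for g in callee.groups.values() if g.ic == setup.cug_ic), None)
    if grp is not None and not grp.icb:  # N03: ICB(B) false -> N04
        return "CUG"
    if setup.oa and svc.ia:             # N11: OA(A) and N12: IA(B) -> N13
        return "NORMAL"
    raise Rejected(f"{callee.key}: call from outside the group not admitted")


def data_call(sub: Record, bsgc: str, cug_index: Optional[int], ap: Record) -> str:
    """A data call from `sub` to access point `ap`: MSC2's check, then MSC1's."""
    try:
        return terminating_check(originating_check(sub, bsgc, cug_index), ap, bsgc)
    except Rejected as exc:
        return f"REJECTED: {exc}"


# Constructed sample records following Figures 5 and 7 of the text.
MEMBER = Record("IMSI-member", {
    "T11": ServiceCug([1, 2, 4], 1, oa=True, ia=True),
    "T62": ServiceCug([1, 3, 4], 1, oa=True, ia=True),
    "BA6": ServiceCug([2], 2, oa=False, ia=True),
}, {1: CugGroup(101), 2: CugGroup(12), 3: CugGroup(1), 4: CugGroup(14)})
ACCESS_POINT = Record("ISDN-pad", {"BA6": ServiceCug([1], 1, oa=False, ia=False)}, {1: CugGroup(12)})
# Two callers outside the PAD's group (another CUG; no CUG at all), and a
# state-of-the-art PAD (Figure 1) with IA = T that admits anyone who dials it.
OUTSIDER = Record("IMSI-outsider", {"BA6": ServiceCug([1], 1, oa=True, ia=True)}, {1: CugGroup(7)})
NO_CUG = Record("IMSI-plain", {"BA6": ServiceCug([], None, oa=True, ia=True)}, {})
OPEN_PAD = Record("ISDN-pad-open", {"BA6": ServiceCug([1], 1, oa=False, ia=True)}, {1: CugGroup(12)})

if __name__ == "__main__":
    for caller in (MEMBER, OUTSIDER, NO_CUG):
        print(f"{caller.key} -> PAD: {data_call(caller, 'BA6', None, ACCESS_POINT)}")
    print("member naming CUG INDEX 3:", data_call(MEMBER, "BA6", 3, ACCESS_POINT))
    print("outsider -> open PAD:", data_call(OUTSIDER, "BA6", None, OPEN_PAD))
```

Two things worth noticing when running it. The member's BA6 service has OA = F, yet the call succeeds, because it is admitted at step N04 as a CUG call and never reaches the N11/N12 fallback; OA and IA only matter once the group test of N02 fails. Conversely, the only record change separating the "open" PAD from the protected one is IA, which is exactly the access-point attribute the invention sets to F.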



WO 99/20031 PCT/FI98/00795



Figure 9 shows the authentication process of the resulting connection. Based on the authentication according to the mobile communications system between the mobile station and the mobile switching centre MSC2, MSC2 trusts the identity given by the mobile station (step I1). Having checked the subscriber's right to use the closed user group defined in the call (step I2), MSC2 can be sure that the subscriber who made the request for a connection set-up belongs to the defined user group. Between the mobile switching centres MSC2 and MSC1 the connection uses such fixed lines between the exchanges as are considered reliable by both (step I3). Thus MSC1 can be sure that the subscriber who made the request for a connection set-up belongs to the defined user group. MSC1 continues to set up the call to the packet assembler/disassembler PAD only if, based on the access data of the packet assembler/disassembler, it finds that the packet assembler/disassembler belongs to the user group defined by the subscriber (step I4). The packet assembler/disassembler is connected to MSC1 in a dependable manner (step I5), so it can be sure that all calls set up all the way to itself have come from subscribers who belong to the same user group as the packet assembler/disassembler and who are thus reliable. Within the data network the network elements trust one another (step I6), so the HOST server too can consider the MS user reliable.

In the examples presented in the foregoing only such situations 
were considered where the exchange is connected to the data network with 
the aid of a-packet assembler/disassembler PAD. It is obvious, however, that 
in order to improve data security the invention may also be used in other 

25 data access techniques, of which a few examples are shown in Figure 1. 

In the foregoing, the invention was described as applied to a GSM 
system, but the invention is not limited to this system. The invention can be 
used in the same manner in all mobile station networks, satellite networks, 
cordless systems, such as the DECT (Digital European Cordless 
Telephone), and trunking networks, such as the TETRA (Trans-European 
Trunked Radio). Nor need the telephone system necessarily be a circuit 
switched system as in the examples, but the invention may also be used for 
connecting packet switched systems, such as the GPRS (General Packet 
Radio Service), to data networks. Another example of a non-circuit switched 
system, to which the invention can be applied, are systems utilising the ATM 
cell-switched forwarding method. The ATM is designed for use e.g. in the 
planned mobile communications systems of the third generation. 

Nor is it essential for the basic inventive idea that a telephone 
system which is switched on to a data network is explicitly a mobile station 
network. When applying the invention to a mobile communications network, 
however, it is possible to make use of the existing authentication functions of 
the mobile communications system in order to verify the identity of the 
subscriber who wants to However, 
the invention may be implemented in the same way also to the exchange of 
a fixed network by defining a closed user group including network users and 
a data network access point. 
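The chain of checks described above (steps 12 to 16) and the exchange-side decisions of claims 1, 8 and 9, as an added Python model that is not part of the patent; the record layouts, the subscriber and access records, the CUG IC values and the result strings are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

@dataclass
class SubscriberData:
    """Subscriber record of the telephone system (claims 3 and 5); constructed layout."""
    cug_memberships: FrozenSet[str]    # CUG interlock codes the subscriber belongs to
    default_cug: Optional[str] = None  # group used automatically for data calls (claim 6)

@dataclass
class AccessData:
    """Access data of a data access such as a PAD (claim 8); constructed layout."""
    cug_ic: Optional[str] = None          # group the data access belongs to
    bar_incoming_outside_cug: bool = False
    allow_incoming_within_cug: bool = False

@dataclass
class CallRequest:
    caller: str
    called_number: str
    cug_ic: Optional[str] = None  # group named by the subscriber equipment (claim 7)

def route_data_call(subscribers: Dict[str, SubscriberData],
                    accesses: Dict[str, AccessData], req: CallRequest) -> str:
    """Model of the exchange-side decisions in claims 1 and 9; result strings are constructed."""
    sub = subscribers[req.caller]
    cug = req.cug_ic or sub.default_cug
    # Originating exchange: the caller must have the right to calls within the group.
    if cug is None or cug not in sub.cug_memberships:
        return "REJECTED_AT_ORIGIN"
    access = accesses.get(req.called_number)
    if access is None:
        return "NO_SUCH_ACCESS"
    # Exchange owning the data access: compare the call's user group data with the access data.
    if access.cug_ic != cug:
        # Outside the group: barred only if the access data carries the barring entry of claim 8.
        return "BARRED" if access.bar_incoming_outside_cug else "SET_UP_OUTSIDE_CUG"
    return "SET_UP" if access.allow_incoming_within_cug else "BARRED"

# Constructed sample records (not from the patent). 5550199 lacks the barring entry of claim 8.
SUBSCRIBERS = {
    "MSa": SubscriberData(frozenset({"CUG-A"}), default_cug="CUG-A"),
    "FS": SubscriberData(frozenset({"CUG-B"})),
}
ACCESSES = {
    "5550100": AccessData("CUG-A", bar_incoming_outside_cug=True, allow_incoming_within_cug=True),
    "5550199": AccessData("CUG-A", allow_incoming_within_cug=True),
}
```

The 5550199 record shows the weak configuration: without the barring entry in the access data, a call carrying a different user group still reaches the data access.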




WO 99/20031 PCT/FI98/00795 
Claims 



1. Method of improving the data security of a data service 
connected to a telephone network in a telephone system including 
subscribers, subscriber equipment and telephone exchanges, wherein the 
data service is connected to the telephone exchange by a data access, the 
call number of which is chosen by the subscriber when starting the data call, 
and in which system it is possible to form closed user groups, the inside calls 
of which are different as regards the way in which they are set up from calls 
made outside the user group and from calls received from outside the user 
group, whereby data concerning the user group is stored in the subscriber 
data of the subscribers belonging to the group, 

characterized in that 

a closed user group is formed which includes the data access and 
the users of the data service which it connects with the telephone system, 
and data indicating membership in the user group is added to the access 
data of the data access, 

when starting a data call, the subscriber sends a request for set-
up of a data call connection as a call of the closed user group, and if the 
subscriber has the right to calls within the user group: 

the data call is routed to that telephone exchange which has a 
connected data access whose call number was chosen by the subscriber, 

in the telephone exchange, the user group data of the call is 
compared with the access data of the data access, 

such incoming calls are barred which come from outside the 
closed user group of the data service, and 

such incoming calls to the data access are set up which are within 
the closed user group of the data service. 

2. Method as defined in claim 1, characterized in that the 
telephone system is a mobile communications system including at least one 
mobile switching centre which has a direct data access to the data network. 

3. Method as defined in claim 1, characterized in that the 
subscriber is defined as belonging to the closed user group of the data 
service by adding to the subscriber data an identifier (CUG IC) defining the 
closed user group unambiguously in the telephone network. 

4. Method as defined in claim 3, characterized in that it is 
found that the subscriber is entitled to calls within the closed user group of 
the data service, if the subscriber's subscriber data shows that the subscriber 
belongs to the closed user group of the data service. 

5. Method as defined in claim 3, characterized in that 
data is defined in the subscriber's subscriber data to show that when setting 
up data calls the closed user group of the data service is used as the default 
closed user group. 

6. Method as defined in claim 5, characterized in that 
when setting up a data call, the data of the closed user group of the data 
service is used automatically as the user group data. 

7. Method as defined in claim 1, characterized in that 
when relaying the subscriber's request for set-up of a data call, the 
subscriber equipment defines the closed user group of the data service for 
use in the call as the user group. 
8. Method as defined in claim 1, characterized in that: 

the data access is defined as belonging to the closed user group 
of the data service by adding to its access data in the telephone system data 
on an identifier defining unambiguously the closed user group of the data 
service in the telephone network, 

incoming calls outside the user group are barred by adding to the 
access data data on barring of incoming calls coming from outside the 
closed user group, and 

calls within the user group are permitted by adding to the access 
data data on access for calls within the user group. 

9. Method as defined in claim 8, characterized in that in 
the telephone exchange having a data access connected to it whose call 
number the subscriber has chosen, a check is made to find out from the user 
group data added to the access data of the data access whether the data 
access belongs to the user group to use in the incoming data call, 

set-up of the call is barred, if the data access does not belong to 
the user group to be used in the data call, and 

a call is set up to the data access, if the data access belongs to 
the user group to be used in the data call. 

10. Method as defined in claim 1, characterized in that 
the data access is a matching unit of an ATM network. 

11. Method as defined in claim 1, characterized in that 
the data access is a packet assembler/disassembler PAD. 

12. Method as defined in claim 1, characterized in that 
the data access is a router of a local area network LAN. 

13. Method as defined in claim 1, characterized in that 
the data access is a subscriber line allocated fixedly for use by the data 
network. 

14. Method as defined in claim 1, characterized in that 
the data access is a packet handler. 

15. Method as defined in claim 1, characterized in that 
the data access is an access router AR. 

16. Method as defined in claim 1, characterized in that 
the data signal for use in the data call connection is in accordance with the 
CCITT V.110 specification. 

17. Method as defined in claim 1, characterized in that 
the data signal for use in the data call connection is in accordance with the 
CCITT V.120 specification. 

18. Method as defined in claim 1, characterized in that 
the data signal for use in the data call connection is in accordance with the 
CCITT V.24/V.28 specification. 

19. Method as defined in claim 1, characterized in that 
the data signal for use in the data call connection is an analogous modem 